Online customers utilize a variety of devices for online shopping and other activities, including mobile devices such as smartphones. Some mobile devices incorporate biometric sensors for identifying a user of the device, one example being a fingerprint sensor, a capacitive sensor which is typically utilized by the user placing her thumb or fingerprint over the sensor. Biometric sensors may be used to “unlock” a device and, more generally, to identify or authenticate a user.
Some mobile shopping applications (“Mshop apps”) support authenticating customers using the fingerprint sensor technology built into phones. Hereinafter, a customer is referred to as a user. A user may opt to enable using the fingerprint sensor with the Mshop application. If so, on request of the Mshop, an operating system (“OS”) may store the user's password and secure access to it utilizing the fingerprint sensor data. Subsequently, fingerprint sensor can be used to fetch the user's password when the user makes a request in the Mshop application, such as a purchase or credit card update that requires authentication. There is a need, however, for more secure procedures to better protect user passwords and enhance online security without unduly complicating or impeding online transactions.